Option to Encrypt selected folders uploaded to Google Docs

Since documents are now being sent to the cloud security will always be a concern. I now encrypt files that have sensitive information before they are sent to Google Docs using SyncDocs. A option to selectively encrypt files or folders as they are uploaded to Google docs would be ideal. Conversely files would be decrypted when they are downloaded or synced to a local PC.

I currently use AcCrypt (http://www.axantum.com/axcrypt/) an open source program to encrypt sensitive files before I save them in Google Docs. This program uses 256 bit AES encryption. I have to manually encrypt the files then move them into a directory that is synced using Syncdocs. If you take a look at the AxCrypt website they claim their product is a perfect complement to Dropbox, Box.net and others. Syncdocs would have a huge advantage if the encryption could take place as part of the upload process to Google Docs. Conversely automatic decryption as part of the download to the local PC would complete the process.

Hi guys. Ive used syncdocs for almost a year and looking forward to hear from you about the feature mentioned above. I need encryption implemented into syncdocs that would be able to encrypt/decrypt on the fly. I think its not handy to use boxcyptor or other 3rd part program. It SHOULD be implemented already in it!

@Phil: I use syncdocs only for myself. I use it on 2 machines: at home and at work. Since I use it for all my files including the sensitive ones I would like to be able to encrypt chosen folders or/and files. For instance be able to mark folders where all the files would be encrypted automatically. Security of the data is only my concern when it comes to google's servers. The files stored locally don't have to be secured at all.
The solution like boxcryptor require to have the copy of the same data in local folder as a mirror of google's server (so encrypted) and as well as other drive where you drag 'n' drop files and folders you want to encrypt. That makes it work double. I just need to have it encrypted at google docs. The other problem is that in boxcryptor there is only possibility to encrypt one folder at the time so you cant choose copule of them to work with. This is what would be nice to have in syncdocs! BR

I agre with cccp's comments. Ideally files could be automatically encrypted as they are uploaded and saved in Google docs. The reverse process to download the file to my PC's in a non-encrypted file would be ideal. I do not care about sharing the encrypted file in Google docs. I have sensitive information I want synch'd across my computers that I want protected in Google docs.

I agre with cccp's comments. Ideally files could be automatically encrypted as they are uploaded and saved in Google docs. The reverse process to download the file to my PC's in a non-encrypted file would be ideal. I do not care about sharing the encrypted file in Google docs. I have sensitive information I want synch'd across my computers that I want protected in Google docs.

This feature is particularly important with all of the negative (and undeserved) press related to their new data use policy. Encryption of the data stored in Google Docs would alleviate any fears of sensitive data being used improperly.

guys, as much as I favor and also use encryption wherever necessary ... it's really hard to do when you consider all the great collaboration features built into google docs. If encryption is not done perfectly, it creates false security, which is worse than no security at all.

If you want decentralized user controlled deep encryption and still being able to sync/merge changes to an object (file) from various users, you will have to rely on a pgp-style public private key infrastructure. Every user has its private key. An object will need all the public keys from all the users that have access to that object in order to be encrypted. You need to consider all the ACL changes over time.
In the long run you need a web-browser plugin to the Google docs user interface and/or android/ios based user interface that can tap into your key storage to do the on-the-fly decryption/encryption. All the key management complexity needs to be hidden from the average user (if you don't, it ends up like email encryption). There are ton's of other things to consider also. So, in my opinion this is huge to almost impossible if not done inside the google apps platform.

In the meantime and for as long as there are people used to working on a Windows desktop there are many file based encryption tools. Is it really a smart idea to use Google docs as a file storage, without the intend to work on the data collaboratively? Isn't there easier ways for plain file storage if you consider Google's infant docs API?

For me, syncdocs approach is a mere vehicle to help people to get away from classical MS Windows desktop software and to start using browser based and android/ios apps. Then maybe it also provides a local on-premise backup, in case Google screws up or I loose access to the Google account. But backing up Google Apps will be integral part of many apps in the long run.

So, I'm fine with Syncdocs the way it works right now. Please, don't feature creep this tool and create a complexity with all the bugs that follow from that.

Reply to Dan: You have a different use case for Google Docs and Syncdocs. I agree with your comments if you are using Google Docs for collaboration. In my case I am using Google Docs purely as a file backup and sync repository. I am backing up file types that are not supported by Google Docs (Example: Accounting system data). I am not using Google Docs for collaboration.

I believe there are a fair number of SyncDoc users who are using SyncDocs and Google Docs in a similar manner as I.

Encryption should be implemented as an option. The default can be non-encryption.

I suspect if you look at competitive products encryption is becoming a standard.

While I too would love to see an encryption option I feel it would complicate the product and possibly pull Syncdocs away from its original objective of synchronizing Google docs content across multiple platforms while supporting the full feature set including sharing. There are many fine offerings in the backup space that offer encryption both in transit and at rest. Few interface with Google storage for good reason. Just look at some of the challenges the current set of APIs present to developers!

Dan, Greg and Davey, thanks for the great comments. They mirror the arguments we've had internally here about the topic:
Encryption is easy to do, but hard to do well, the key management and distribution is the hassle. There is the possibility of a false sense of security, and data loss if you forget (or someone else changes) your password. Also it is hard to share encrypted stuff without a PKI architecture. On the other hand, it's something many people want, and adds an extra layer of security to the stuff stored online.

LOL "advanced feature". If done well, it would sure be a unique selling point, a game changer of some sort.

But then you would have to think about open sourcing this in the long run, because serious users (or IT staff in charge) would never ever trust code that they them self can't easily(!) review or have it reviewed by a large developer community (think TrueCrypt, openGPG, ...).

In my view, encrypting stuff to put in a public "cloud" only makes sense if you have to protect against serious illegitimate access from third parties that could 'sink your ship'. For tech companies (or industry leaders in general) that's espionage by foreign governments that can tap into Google Apps without you ever knowing it (think patriot act with all its sideshows). For active citizens its to protect their freedoms against oppressive regimes of all sort all over the world.
Then there are laws in some countries, that prohibit storing of personal data (customer bank account information, address, names, etc) with third parties unless you exactly know how and where they store your data and you can gain on-site access to their servers, etc.

Aside from key management (which is huge) another potential complication is granularity on what gets encrypted. A simple 'all-or-nothing' toggle sans PKI probably wouldn't do it as encryption breaks sharing. Now were are talking folder/collection based options which gets messy quickly.

The more I think about encryption I am now tending to think this is a Google issue. The Amazon cloud optionally encrypts stored files in the cloud. I know I started this stream but I am beginning to agree that encryption falls out of the scope of SyncDocs.

@Greg. If I remember right the data stored on GFS (google distributed file storage system) gets somewhat encrypted. If you happen to use co-located data centers you kind o have to. Basically they chop 3+ copies of your file in pieces and it gets saved in multiple locations somewhere around the world. This is the consequence of their "no single point of failure, nowhere" paradigm. Of course, the only remaining spof is Google itself, if what started out as a no evil enterprise turns in its opposite over time. That's open and up to the people working there, I guess.

This is why a user controlled client side encryption makes sense, so no third party can access your private data.

With the current development of the Google Drive, Syncdocs better gets ready to find a niche like user controlled encryption, for example.

The Google Docs team will most likely not care much about that issue, because of the general mindset and corporate culture at Google. If you want to make all the worlds data available, shareable and so on ... deep encryption is the last thing you care about.

@Dan. I agree with last post but I do believe Google will still need to address encryption. Their approach towards breaking up files will likely satisfy most users. But Google is trying to push Google Docs to corporate accounts. I think eventually they will have to provide encryption particularly for some of their government accounts. Based on the amount of discussion I found on the web on this topic there appears to be quite a few users who will not use Google Docs without encryption.

I also agree that if Google Drive is more than a rumor, additional features such as user controlled encryption would help differentiate Syncdocs from the competition.

May be not. Google doesn't even care about providing enigmail like PGP integration with their Google Apps for business mail. On Android you may use K9mail. But browser based deep encryption (with js) ... I only found one prototype lib: http://gpg4browsers.recurity.com. And it's close to impossible to securely use js for an encryption app. How do you wipe your pass-phrase out of local memory, for example?

The issue with user controlled encryption has been around for so long. I think, the larger the organization, the less they can actually apply it at moderate cost. It would be a real pain to make everything audit-able. Say you work at a U.S. based organization and have a document encrypted, only for you to see. Technically it would always have to be accessible over time by users within a certain admin group - if in a law suit you are requested to provide all the documents of a department in question (think ms exchange: legal hold). So there is no point in storing that critical information within the domain in the first place - even if encrypted.

I'm quite optimistic that Google will not touch user controlled deep encryption. Just to many interest groups that wouldn't be amused, besides all the practical obstacles.